Re: Possible flaw in XFree?

From: Philip Rowlands (phrat_private)
Date: Fri Jun 28 2002 - 09:18:08 PDT

Next message: Michael Greenberg: "Re: OpenSSH Vulns (new?) Priv seperation"

Previous message: William N. Zanatta: "Possible flaw in XFree?"
In reply to: William N. Zanatta: "Possible flaw in XFree?"
Next in thread: Nuno Branco: "Re: Possible flaw in XFree?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 27 Jun 2002, William N. Zanatta wrote:

>   1. Logged into the system as 'william' (a normal non-privileged user).
>   2. startx
>   3. Run xlock
>   ... the screen is now locked...
>   4. Tried a hit on some keys. The password screen appears.
>   5. Then, 'ctrl-alt-backspace' and voila... X is down and my console
>is there, opened for me.
>
>   I see this as a serious problem once one could let his/her X session
>opened and locked and anyone who have access to that machine could abort
>the X session and start playing around with the logged user's shell
>(which could be the root shell).

That's a feature, not a bug :) If you don't like it, set
Option "DontZap" "on"
in your config file. Or use {g,k,x}dm rather than startx, then at least
you don't drop to a shell.


Cheers,

Phil

Next message: Michael Greenberg: "Re: OpenSSH Vulns (new?) Priv seperation"
Previous message: William N. Zanatta: "Possible flaw in XFree?"
In reply to: William N. Zanatta: "Possible flaw in XFree?"
Next in thread: Nuno Branco: "Re: Possible flaw in XFree?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 10:22:12 PDT